Bug 1370435 - [networking_public_107] The service cannot be accessed when set the enableUnidling to false on node
Summary: [networking_public_107] The service cannot be accessed when set the enableUni...
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 3.3.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: ---
Assignee: Ben Bennett
QA Contact: Meng Bo
Depends On:
TreeView+ depends on / blocked
Reported: 2016-08-26 10:23 UTC by Meng Bo
Modified: 2017-03-08 18:26 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: The new unidling feature had a bug where it removed the service proxier when unidling was disabled. Consequence: The service would not work. Fix: Fix the bug. Result: The service works.
Clone Of:
Last Closed: 2016-09-27 09:46:25 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:1933 normal SHIPPED_LIVE Red Hat OpenShift Container Platform 3.3 Release Advisory 2016-09-27 13:24:36 UTC
Origin (Github) 10667 None None None 2016-08-26 13:03:01 UTC

Description Meng Bo 2016-08-26 10:23:42 UTC
Description of problem:
Modify the node-config to set the enableUnidling to false and restart the node service. Create service/pod and try to access the service and pod ip:port. The service ip cannot be accessed.

Version-Release number of selected component (if applicable):
openshift v3.3.0.23-dirty
kubernetes v1.3.0+507d3a7
etcd 2.3.0+git

How reproducible:

Steps to Reproduce:
1. Setup multinode env with 1 master 1 node 
2. Modify the node-config on the node to set the enableUnidling to false
# cat node-config.yaml
  execHandlerName: ""
iptablesSyncPeriod: "30s"
kind: NodeConfig
enableUnidling: false
3. Restart the node service to make it works
4. Create service and rc
$ oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/networking/list_for_pods.json
$ oc get all -owide 
NAME               DESIRED         CURRENT       AGE         CONTAINER(S)   IMAGE(S)                SELECTOR
rc/test-rc         2               2             13m         test-pod       bmeng/hello-openshift   name=test-pods
NAME               CLUSTER-IP      EXTERNAL-IP   PORT(S)     AGE            SELECTOR
svc/test-service   <none>        27017/TCP   13m            name=test-pods
NAME               READY           STATUS        RESTARTS    AGE            IP         NODE
po/test-rc-3wqhb   1/1             Running       0           13m     host-8-172-121.host.centralci.eng.rdu2.redhat.com
po/test-rc-4b8ow   1/1             Running       0           13m     host-8-172-121.host.centralci.eng.rdu2.redhat.com

5. Try to access the svc from the pod
[root@fedora23 v3]# oc exec test-rc-3wqhb -- curl -s
Hello OpenShift!
[root@fedora23 v3]# oc exec test-rc-3wqhb -- curl -s
Hello OpenShift!
[root@fedora23 v3]# oc exec test-rc-3wqhb -- curl -s
error: error executing remote command: error executing command in container: Error executing in Docker Container: 7

6. Check the iptables rules on the node 
# iptables -t nat -nL | grep

Actual results:
5. The service ip:port cannot be accessed from cluster.
6. Nothing found in iptables.

Expected results:
5. The service should be able to access from inside the cluster.

Additional info:

Comment 1 openshift-github-bot 2016-08-26 22:23:35 UTC
Commit pushed to master at https://github.com/openshift/origin

Restores the service proxier when unidling is disabled

The unidling code change had inadvertently removed the proxier when
idling was disabled.  This change restores the default proxier
(userspace or iptables depending on the config).

Bug 1370435

Comment 3 Meng Bo 2016-08-30 06:12:31 UTC
Tested on build v3.3.0.27, issue has been fixed.

The service can be accessed when setting the enableUnidling to false on nodes.

Comment 5 errata-xmlrpc 2016-09-27 09:46:25 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.